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($4) TiOe: APPARATUS AND METHOD FOR AN AUTHENTICATED ELECTRONIC USERID 




(ST) Absb-act 

A method and apparatus for an auttwnticated electronic userid (644) comprising an adapted digital signature (632) is provided. 
According to an aspect of the invention, the ada[«ed digital signature (652) is generated using a secure hasli function (620). In one 
embodiment, the result of tlie secure hash function (624) is further modified by selecting a wojd (656) from a word list (632) that 
corresponds to a value produced by the secure hash function (620). inbound electronic messages are analyzed to verify tot they comprise 
an authenticated electronic userid (644) having valid adapted digital signature (652), The verification involves i»-computijig the adapted 
digital signature (652) using remote user informatioit (616) and an originator tey (610). 
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1 

DESCRIPTION 

Aijparatus And Method For An 
Authenticated Ele ctronic Userid 

Field of the Invention 

5 The present invention relates electronic user identification, and more specifically, 

to an apparatus and method for creating and verifying an auttienticated electronic userid. 

Background 

Electronic mail, or "e-mail" has become one of the most popular forms of point-to- 
point conununication for i»opie with access to the Internet. An e-mail system typically 

10 comprises a database server, a local area network (LAN) and/or a modem bank, and an 
internet gateway. A user, who communicates with others via e-mail, is typically given a 
user identification, or "userid", that permanently and uniquely identifies that user with the 
database server. The server typically has its own identity too, for example, the server is 
sometimes referred to as a host and the identity is called a "host name", or in some circles 

15 a "domain name." When a user desires to check their e-mail, the user logs onto the e-mail 
system and e-mail messages are displayed on a terminal device or personal computer. A 
great advantage of e-mail over traditional mail which accounts, in part, for its surge in 
popularity. Is that messages can be delivered significantly faster, messages can be easily 
distributed to significantly more recipients, and it is, generally, less expensive for the user 

20 than regular mail, or "snail mail." 

Junk e-mml or unsolicited bulk e-mail CTJBE"), referred to hereafter as "spam", 
has become a significant problem. Users of electronic messaging applications are 
barraged with spam on a daily basis by spammers (those who create and send spam). 
Spammers usually advertise sham wares, services, pyramid schemes, and, even worse, 

2 5 they send electronic viruses. 

Spam has grown in popularity for a number of reasons. Primarily, it is a low cost 
and fest medium through which messages can' be delivered. Further, llie ease with which a 
spammer can harvest e-mdl addresses, for example, fi-om joke lists, newsgroups, web 
pages and cookies, i»t)vides a steadily expanding audience to which spam can l^ directed. 

3 0 Filters have been proposed and a few developed that attempt to reduce or eliminate 

spam fi"om a user's mail host and/or e-mail client 

One type of spam filter is a sender filter. The sender filter rejects all messages 
from an untn^ted source, such as by way of an authorized or an unauthorized sender list. 
Inbound e-mail messages are simply rejected based upon the source of the message (e.g.. 
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the "£ix>m:" address of a message header). A major problem with the sender filter is that 
the sender's identity is frequently spoofed as either a random sender (wHch bypasses the 
unauthorized sender list) or as a sender unlikely to be rejected (which bypasses the 
authorized sender list.) 

5 Another exan:q}le of a spam filter is a context filter. A context filter examines a 

message body or a message subject l^der and removes messages based upon key words 

or phrases a spammer is likely to include in die message (e.g., "get rich", "work from 
home", "call now", "pom", "xxx", etc.) A problem with context filters is that linguistic 
rules must be set up for a particular user in a particular environment. Moreover, language 

10 or context alone is inherently imprecise. Thus, context type filters generally suffer from 
an over-inclusiveness problem — meaning they filter more messages than they should 
because legitimate messages occasionally match the lingiustic rules of the context filter. 

Still another approach is the use of traditional encryption/decryption technology. 
Traditional encryption/decryption technology includes the use of shared 

15 encryption/decryption algorithms or keys (e.g., asymmetric or symmetric encryption). For 
example, in an asymmetric encryption/decryption system, a sender encrypts a message 
body using the intended recipient's public key. The recipient receives the encrypted 
message and decrypts it using her private key. A problem with this technique is that 
special equipment is required by both the sender and receiver — such as proprietary 

2 0 software or hardware. In a symmetric encryption solution, a secret key is shared between 
the sender and recipient. A problem here is that the shared key can easily be 
compromised. Moreover, encryption/decryption solutions can be computationally 
expensive and difficult to manage as compared to the low value of most e-mail messes. 
Some encryption/decryption solutions even require multiple handshaking and/or a real- 

2 5 time cormection between the sender and receiver. 

Thus, there is a need for a unique method and apparatus for authenticating 
electronic messages that is capable of controlling UBE and other forms of electronic 
messages that clutter coirununication applications such as electronic m£dl. Moreover, 
there is a need for a secure and trusted technique for identifying and filtering unauthorized 

30 electronic messages. 

Summary of the Inventions 

An apparatus and method for creating and verifying an authenticated electronic 

userid is provided. According to one embodiment, an electronic message system 
generates an authenticated electronic userid for a local user that comprises an adapted 
35 digital signature. The adapted digital signature, with other identifiers, provides temporary 
or restricted electoonic message privileges to a remote user. 
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According to one embodiment, the adapted digital signatuie grants privileges to a 
particular remote user for access to a single local user on the message system. However, 
according to another embodiment, the adapted digital signature grants priviieges to a 
number of remote users from a particular host for access to one or more local users on tiw 
5 message system. 

In one embodiment, a process for creatii^ an authenticated electronic usetid 
comprises the acts of generating an adapted digital signature based on an originator key 
and a portion of a remote userid, and concatenating the adapted digital signature with 
originator information to form the authenticated electronic userid. 

10 In another embodiment, a process for authenticating an adapted digital signature 

comprises the acts of extracting a local userid and remote user information from an 
Lncoming electronic message; comparing the local userid to a list of local users; verifying 
the adapted digital signature is valid; and then granting access to an electronic service if 
the adapted digital signature is valid. 

15 A method and apparatus for an adapted digital signature is also provided. 

According to an aspect of the present inventions, the adapted digital signature is generated 
using a digital signature engine and an adaptation algorithm. 

According to one embodiment, a method for creating an adapted digital signature 
comprises: retrieving an originator key, the originator key corresponding to a local userid; 

2 0 running a digital signature engine to create a digital signature, the digital signature based 
on at least the originator key and remote user information; retrieving a word from a word 
list, the word indexed to at least a portion of the digital signature; and returning at least the 
word as the adapted digital signature. 

According to another embodiment, a method for verifying an adapted digital 

25 signature comprises: retrieving an origmator key based on a first portion of address 
information; generating an adapted digital signature based on the originator key and a 
second portion of the address information; comparing a third portion of the address 
information to the adapted digital signature; and acceptmg the electronic message if the 
third portion of the address information and the ad^ted digital signature match. 

30 According to another embodiment, an electronic message system comprises: an 

authenticated message server configured to remove inbound electronic messages if an 
authenticated electronic userid cannot be verified; and a mail host coupled to the 
authenticated message server; and w*erem the authenticated message server is configured 
to remove inbound electronic messages by performing the acts of: generating an adapted 

35 digital signature; comparing a portion of an inbound electronic message to the adapted 
digital signature; and rejecting the inbound electronic message if the portion of the 
in1x)und electronic message and the ad^ted digital signature do not match. 
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Brief Description of the Drawings 

The present inventions are illustrated by way of example, and not by way of 
limitation, in the figures of the accompanying drawings in which lilce reference numerals 
refer to similar elements and in vkiiich: 
5 FIG. 1 is a diagram illustrating one embodiment of an electronic messaging system 

employing an authenticated message servo-; 

FIG. 2 depicts an alternative embodiment of an electronic messaging system 
employing an authenticated message server; 

FIG. 3 is a functional diagram illustrating one embodiment of an authenticated 
1 0 message server and authenticated electronic userid; 

FIG. 4 depicts a ftmctional diagram illustrating of an alternative authenticated 
message server and authenticated electronic userid; 

FIG. 5 is a flowchart depicting the steps of generating an authenticated electronic 

userid; 

1 5 FIG. 6 depicts an embodiment of an adapted digital signature technique; 

FIG. 7 is a flowchart depicting the .steps for verifying an authenticated electronic 
userid; and 

FIG, 8 is a flowchart depicting the steps for verifying an an inbound electronic 
message comprising an adapted digital signature. 

20 Det^^ pegcript?on of thg Pr<;f<?iTed Embodiments 

FIG. 1 depicts an electronic messaging system 100 according to one embodiment 
of the present inventions. System 100 includes a server 108, coupled to a terminal unit or 
personal computer 104, a router 112, and an authenticated message server 116. The 
interconnection or coupling mechanism between the various devices is preferably a fiber 

25 optic network cable, but it can also be a twisted pair, or a wireless intercoimection. 
According to one embodiment, server 108 is a Sun Microsystems SPARC™ system 
running electronic message software such as Oracle Corporation's Interoffice™ 
messaging server. Router 1 12 is a commercially available internet router such as a Cisco 
Systems 7500 Series router. 

30 Authenticated message server 1 16 run on a standard personal computer, such 

as an Intel Pentium™ based microprocessor system. However, authenticated message 
server 1 16 is alternatively part of the software component stack added to server 108. In 
such an embodiment, an application programming interface ("API") for the messaging 
server 108 is added which provides access to the authenticated message server services, 

35 such as the methods and techniques for generating and verifying authenticated electronic 
userids as described herem. In the broader spirit of the inventions, the system can be 
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highly distributed, wherein incwraing and outgoing messages are handled by separate 
servers or computer systems on an interconnected network (e.g, a local area network or 
"LAN"). 

From the server 108, outgoing electronic messages to remote users are typically 
5 passed through an internet gateway router, such as router 1 12. Router 1 12 is preferably 
connected to the internet 120 via a Tl pipeline, or other leased line. Conversely, messages 
from the intemet 120 to a particular local user associated with the server 108 will be 
passed through router 1 12. 

A remote user typically resides on a personal computer, such as laptop 132, which 

10 is also connected to a server 128. Server 1 28 is configured similar to server 108, but it can 
also be a different type of server, such as a Digital Equipment Corporation VAXA''MS™ 
system. The server 128 is likely to run a different messaging system, such as the 
University of Washin^on PINE™ messaging system. Similar to router 1 12, router 124 is 
connected to server 1 28 and the internet 1 20. 

15 In one embodiment, electronic message sj^stem 100 fiirther comprises a wireless 

short message service ("SMS") system. An e-mail to SMS gateway receives an e-mail 
message (preferably an authenticated message) from router 112 or authenticated message 
server 116. The gateway converts the e-mail into one or multiple short messages, 
typically of 160 characters in length, and forwards the short messages to an SMS center. 

20 In turn, the SMS center forwards the message over a wireless link (e.g., a wireless local 
loop) to a local user (e.g., here, the receiving device can be a pager or a cellular 
telephone). A wireless short m^s^e service system is available &om Omnipoint 
Corporation. 

FIG. 2 is an overview of an alternative electronic messaging system 200 employiu^ 
25 the inventions described herein. Intemet 204 is a wide area network of interconnected 
computers. Connected to intemet 204 via a simple mail transfer protocol ("SMTP") 
coimection is a mail exchanger 208. (SMTP is further described in publicly available 
Intemet RFC 821.) A mail exchanger, as used herein, is a server that transmits and 
receives electronic messages (e.g,, e-mail) via the intemet 204. The mail exchanger 208 
30 r^ides in an mtemal network (e.g., a local area network). The mail exchanger 208 is the 
designated sender and receiver of e-msi\ between the internal network and the intemet. 
For load balancing purposes, more than one mail exchanger 208 may service an intemal 
network. The designation of a mail exchanger, such as mail exchanger 208, is preferably 
defined by a domain name server ("DNS") in a mail exchange record. 
35 Connected to mail exchange server 208, also via an SMTP, is authenticated 

message server 212. The authenticated message server 212 is configured to perform 
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functions associated with the generation and authentication of authenticated electronic 
userids, as is described hetein. 

Connected to auttienticated message server 212 via an SMTP link is a mail host 
216. Mail host 216 receives inbound e-mail messages and stores them for reading by a 
5 user. Mail host 216 can also send outbound e-mail messages created by the user. Because 
mail hc»t 216 supports SMTP and post office protocol version 3 ('T0P3), it can be 
embodied in virtually any mail server software, such as Microsoft Exchange Server and 
Lotus Notes. (P0P3 is ftirther described in publicly available Internet RFC 1939.) Thus, 
mail host 216 supports both inbound and outbound electronic messaging. 

10 Optionally connected to authenticated message server 212 via a hyper text transfer 

protocol ("HTTP") link is an administration interfece 224. (HTTP is further described in 
publicly available Internet RFC 1945.) An administrator is able to configure the 
authenticated message server 212 via a web browser or equivalent device throi^ data 
exchanges via HTTP and the administration interface 224. 

15 Users are able to coimect to the mail host 216 via a P0P3 or an SMTP connection 

by way of one or more user e-mail clients 220. Embodiments of e-mail clients include the 
Netscape Communicator available from Netscape Corporation in Mountain View, 
California and the Microsoft Outlook client, available from Microsoft Corporation in 
Redmond, Washington. 

20 FIG. 3 depicts a jftmctional overview of an authenticated message server 300. 

According to one embodiment, the authenticated message server 300 comprises a digital 
signature engine 318 and an adaptation algorithm 320. 

According to a presently preferred embodiment, a local user "roger", who is using 
an electronic message system, such as one running on server 108 (identified by the host or 

25 domain name "domain.com"), composes and requests to send a message to a remote user 
identified as "jenny@mailer.com". When local user "roger" requests to send the message 
to remote user "jenny@mailer.com", a portion of the message, in particular the remote 
userid 308 and the originator userid 304, is passed to a digital signature engine 318 for 
processing. Digital signature engine 318 can also store the local user's (e.g. roger's) 

30 private key, depicted in FIG. 3 as originator key 312. Alternatively, the local user's 
originator key 312 can be sent in addition to or separate fiom the request by the messaging 
system residing on server 108. Preferably, originator key 3 12 is a 256 bit value. 

Remote userid 308, originator userid 304 and originator key 312 are passed to one- 
way hash fimction 316 in digital signature engine 318, In the present case, remote userid 

35 308 is the value "jenny@mailer.com", originator userid 304 is the value "roger" and 
originator key 312 is the (partial) originator key for local user "roger", which has a value 
of "3CF0 40A9 ... 06E0 080116". One-way hash fimction 316 performs a computational 
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algorithm on inputs 304, 308 and 312 to generate a fix-length anay of bits called a hash 
value, but referred to herein as a "digital signature" 319. 

Preferably, the one-way hash function 316 is the Message Digest 5 C'MD5") 
function. The MD5 function is described in RFC 1321, entitled "The MD5 Message- 
5 Digest Algorithm" by R. Rivest and written in 1992. However, in other embodiments, the 
computation algorithm is an encryption algorithm that produces a variable len^ digital 
signature. 

An example of an encryption algorithm that will work in the present invention is 
the data encryption algorithm defined in ANSI document X3.92-1981 (R1987) entitled 

10 "Data Encryption Algorithm", Using a data encryption algorithm, the same inputs as were 
used to produce the hash value are instead encrypted with an authenticated message server 
public key or a local user's public key. Note that when such an authenticated electronic 
userid is returned, it can either be decoded with an authenticated message server private 
key or a local user's private key, or it can be recomputed using the authenticated message 

15 server public key or local user's public key. 

Once the digital signature 319 is computed, the digital signature 319 is passed on 
to adaptation algorithm 320. Adaptation algorithm 320 transforms, or maps the digital 
signature 319 to an acceptable form for transmi^ion in a return e-mail address. 
Preferably, a base64 conversion is performed by adaptation algorithm 320, whereby the 

20 conterminous 6 bit strings of the digital signature are mapped to ASCII characters as 
follows: 



000000-011001 


A-z 


01 loio- 110011 


a-z 


110100 -iinoi 


0-9 


111110 


+ 


mill 


/ 



In one embodiment, the output of the adaptation algorithm 320 is an adapted 
2 5 digital signature 328. However, in another embodiment the functionality of the adaptation 
algorithm 320 is performed by logic circuitry, or it is embedded into the particular 
computational fimction (e.g., one-way hash function 316) directly. In still another 
embodkaent, the digital signature 319 does not need to be transformed with a base64 
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conversion; rather, the messaging system 100 supports binary and other digital formats. 
However, transforming the digital signature 319 into an adapted digital signature 328 in 
the fonn of ASCII characters is preferred, since most legacy systems (e.g., internet e-mail) 
will generally support the character set. AddiUonally, the character set is easily replicated 
5 on a variety of input devices (e,g., comptiter keyboards, telephones, etc.) on which the 
authenticated electronic userid 350 can be typed. 

The adapted digital signature 328 mil become part of an authenticated electronic 
userid 350 for the outbound message to the remote user "jenny@raailer.corQ". Identifiers 
324, 328 and 332, together with the other symbols (e.g., a period, an underscore, a hyphen, 

10 an ampersand, etc.) are concatenated to form authenticated electronic userid 350. For 
example, the return address of local user "roger" would appear similar to the address 
"roger.SrTwIFa9/Da4qwP@domain.com". The authenticated electronic userid 350 will 
be the return/reply address to local user "loger". 

Assuming authorization is otherwise not granted to remote user 

15 "jenny@mailer.com", then the only way remote user "jenny@niailer,com" can send an 
electronic message to local user "roger" is with a message addressed to the authenticated 
electronic userid 350. Since local user "roger" controls whether remote user 
"jenny@maiIer.cora" will receive an authenticated electronic userid 350 with which to 
send him an electronic message, unsolicited electronic messages aiHl/or unsolicited bulk e- 

2 0 mail from remote user "jenny@mailer.com" should not occur. 

FIG. 4 depicts a slightly modified fiinctional overview of authenticated message 
server 300-here identified as authenticated message server 400. Again, the digital 
signature engine 41 8 is preferably embodied in the authenticated message server 400. It is 
noted that the ad^tation algorithm 420 is different than the adaptation algorithm 320 
25 shown in FIG. 3. An improvement in the adaptation algorithm is described below with 
reference to FIG. 6. Moreover, the authenticated electronic userid 450 is different from 
authenticated electronic userid 350. Modifications include the use of a plus sign "+" 
delineator rather than a period between the local userid 424 and tiie adapted digital 
signature 428. Significantly, the ad^ted digital signature 428 is no longer an 

3 0 unrememberabie value, but rather a rememberable value. 

Turning now to FIG. 5, it (tepicts a flowchart of the process of generating the 
authenticated electronic userid 350 shown m FIG. 3. In step 504, a request for an 
autficnticated electronic userid 350 is received by the authenticated message server 116, 
According to one embodiment, an outbound message, which comprises the request, is 
3 5 separated in step 508 and data from the "to:" and "fi-om;" fields is extracted. Additionally, 
the origbator key 312 is also separated, if it is included with the message, or it can be 
stored and retrieved fi:om a table which is part of the authenticated message server 116. 
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According to one embodiment, the outbound message also comprises pre- 
processing security level field that identifies a level of security the message is to receive. 
For example, a "0" security level indicates no authenticated electronic userid is requited 
for the message, v/h&re as a "1" indicates that the authenticated electronic userid is good 
5 for any person at the host or domain name of the remote user or message recipient. A "2" 
indicates that the authenticated electronic userid is good only for the remote user or 
message recipient, and a "3" indicates that tlie electronic userid is good only for a preset 
period of time (e.g., 24 hours) for a particular remote user. In one embodiment of an 
authenticated electronic userid, the value in the security level field is retained as a portion 

XO of the adapted digital signature 228. Various levels and techniques for identifying the 
security level of the authenticated electronic userid can be used. 

Data extracted in the separating step 508, together with the originator key 312 are 
hashed by the one-way hash fimction 316 in step 512, preferably using an MD5 ha^ 
function, to generate the digital signature 319. After step 512, the digital signature 319 is 

15 converted at step 516 using a base64 conversion algorithm. The output of the base64 
conversion algorithm is the adapted digital signature 328. The adapted digital signature 
328 will, in part, grant the remote user "jenny@mailer.com" privilege to reply or send a 
message to local user "roger". 

In step 520, the output of the adaptation algorithm 320, that is, adapted digital 

2 0 signature 328, the originator identifier 324 and the originator's host or domain name 332 
are concatenated as a single authenticated electronic userid (e.g. userid 350). According to 
one embodiment, the result is stored in an authentication log file that can be indexed 
and/or searched for matching strings and/or authorization levels in the future. The 
advantage of such a system is that the authenticated message server 116 can track and 

25 record incoming and outgoing messages and privileges so that security breaches can be 
tracked and examined by an administrator. 

In step 528, the authenticated electronic userid 350 is retumed to the message 
server (e.g. server 108). According to one embodiment the process is repeated for the 
remote user specified in the "cc:" field. When the message server (e.g. 108) spools out 

30 messages to the other remote users, the "fi»m:" field will now contain a unique 
authenticated electronic userid for each of the other users as well. However, in another 
embodiment the identity of other remote users identified in the *to;" and "cc:" fields are 
recorded in an authentication log file so they can be matched with the appropriate inputs 
used when the authenticated electronic userid 350 was created. 

35 In another embodiment, the authenticated message server 116 supports explicit 

requests for an authenticated electronic userid 350 without the need for sending a message 
through the message server (e.g. server 108). Such a system can be employed where a 
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locai user specifically requests an authenticated electronic userid 350 or desires to give 
such a userid to a remote user, organization or internet application (e.g., a distribution list.) 
Instead of sfK)oling out a message with the authenticated electronic userid 350, the 
authenticated message server 116 will return the authenticated electronic useiid 350 
5 directly to the local user. 

FIG. 6 depicts an alternative embodiment of the adaptation algorithm 420 shown in 
FIG. 4 or also adaptation algorithm 320 shown in FIG. 3. A local userid list 604 is shown 
to illustrate the relationship between local userids and originator keys -- shown in 
originator key list 612. 

10 According to a presently preferred embodiment, thirty-seven originator keys are 

used, each originator key having a one-to-many relationship widi local userids 604. The 
first character of local userids 604 determines which originator key is associated with it. 
Twenty-six keys are reserved for letters A-Z {case insensitive), ten for numbers 0-9, and a 
miscellaneous key for characters not matching the first thirty-six values. According to an 

15 alternative enabodiment, any number of originator keys, n, can be used. In yet another 
embodiment, a database can be maintained by the mail host 216 or the authenticated 
message server 212 that identifies local userids and their preferences (e.g., always reject 
messages having an invalid adapted digital signature). If each local userid is allowed one 
or more originator keys, then the database can store them. 

20 Digital signature engine 418, shown as hash function 620 (preferably the MD5 

function), combines a local userid 608, "Alice", with Alice's corresponding originator key 
610 and remote user information 616. Remote user information includes at least a domain 
name and can also include the remote t^erid. The output of the digital signature engine 
418 (shown here hash function 620) is a digital signature (or "hash value" 624, as the case 

25 maybe). The digital signature is preferably a 128-bit value. The adaptation algorithm 626 
then modifies the digital signature. 

Adaptation algorithm 626 first performs a boolean function 628 on the hash value 
624. The extent to which the hash value 624 is modified depends on the size of a word list 
636. According to a presently preferred embodiment, the word list is 4096 words long (as 

3 0 used herein, "vrards" does iwt refer to a length of a value, rather it refers to the value itself 
- a vfotd in the word list can be virtually any length), however, the word list 636 can be 
any length, m, depending on the degree of security desired (tiie more words, the greater 
the security). Since 4096 words are in the word list, the extent of the modification is such 
that it yields a value that is equal to or greater than the number of words, m, in the word 

35 list 636. The boolean function 628 modifies the hash value 624 into a 12-bit value 
referred to herein as a "modified digital signature", or more specifically a "modified hash 
value". In one embodiment, the boolean function 628 selects the first twelve bits as the 
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modified hash value. In another embodiment, AND or OR functions can combine one or 
more preset bit masks to generate the modified hash value. 

The modified hash value from the boolean function 628 is passed to the adapted 
distal signature selector 632. The adapted digital signature selector 632 includes the 
5 word list 636 and, optionally, a number generator 640. The adapted digital signature 
selector 632 selects a particular word fi-om the word list 636 using the modified hash value 
fi-om the boolean function 628. 

According to one embodiment, a modulus function (e.g., the C language modf 
function or % operator) is applied to the modified hash value, the base being the number 

10 of words, m, in the word list 636. If the modulus function returns zero, then the adapted 
digital signature selector 632 retrieves a word correspondir^ to (i.e., mdexed to) the 
modified hash value. However, if the modulus fimction returns a value other than zero, 
then the adapted digital signature selector 632 retrieves a word corresponding to the value 
returned by the modulus function (e.g., the remainder). 

15 For example, if the modified hash value is 3 and there are 5 words in the word list 

636, then word3 is the word selected from the word list 636. However, if the modified 
hash value is 7 and there are 5 words in the wotd list 636, then word2 is the word selected 
from the word list 636. 

The number generator 640 generates a calculated number, a preset number (e.g., 

20 identifying a status or mode for the ad^ted digital signature 652), or any combination 
fheieof. Preferably, the number generator 640 generates a number based on the remaining 
116 bits &om the digital signature (or hash value 624). According to one embodiment, a 
six digit ASCII number is generated. The fmst digit corresponds to the mode of the 
adapted digital signature (e.g., which set of remote user information was us«i as an input 

25 to the digital signature engine 418 - the remote user domain name, or the remote userid 
and domain name). The subsequent five digits are based upon a bit pattern of the unused 
portion of the hash value 624. For example, sixteen bits of the 116 bits can be selected 
and a combination of those sixteen bits can be turned into the five digit number. 

The value 660 generated by the number generator 640 is appended to the word 656 

30 selected from the word list 636 to form the adapted digital signature 652. The adapted 
digital signature 652 is concatenated with a local userid 60S and a domain name 664 to 
form the authenticated electronic userid 644. A delineator (e.g,, "+") separates the local 
userid 608 fi-om the adapted digital signature 652, while the at sign C@") separates the 
adapted digital signature 652 from the domain name 664. Of course, other delineators, 

35 such as the mintis sign ("-"), the underscore ("J')' ^he period ("."), the equal sign ("=") or 
fixed length values can be used to delineate the address informatioa 
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If added security is desired, then the word list 636 can be bit-wise barrel-shifted or 
otherwise scrambied so that the values in the word list 636 cannot be casually copied. 
Accordingly, the scrambled value cati be converted by the adulation algorithm 626 when 
the word is needed, or just before concatenation of the adapted digital signature 652 to 
5 form the authenticated electronic userid 644. 

FIG. 7 is a flovn^hart depicting the steps for verifying an authenticated electronic 
usetid 350 based on a message from a remote user. In step 704, an inbound message is 
passed from router 112 (FIG. 1) to server 108 and is tlien received by authenticated 
message server 116. In step 708, header information, also known as envelope information, 

10 is separated from the inbound message, and in particular the remote user's domain name, 
the remote userid and the authenticated electronic userid 350 are extracted. Referring to 
FIG. 3, the left side of inbound authenticated electronic userid 350, specifically originator 
identifier 324 (e,g., "roger"), is tested in step 712 to oonfiroi that the user is a valid local 
user on the messaging system 1 08. If the originator identifier 324 does not Identify a valid 

15 local user, then the auttienticated message server 116 processing continues to step 736, 
which is explained in further detail below. If the identifier 324 contains a valid local user, 
then the process continues to step 716. 

In step 716, the authenticated message server 116 performs a lookup on the 
originator key (e.g., key 312) related to the local user "roger". Next, in step 720, a hash 

20 (or alternatively a data encryption algorithm) is performed on the local user's originator 
key 312, in combimition vrith the remote user name (e.g., "jenny@mailer.com") 308 by 
the digital signature .engine 318. In step 724, the digital signature 319 returned by the 
digital signature engine 318, at step 720, is converted to ASCII characters by adaptation 
algorithm 320. The result of the conversion (the adapted digital signature 328) is 

2 5 compared with the adapted digital signature of the mbound message (that is, the portion of 

the authenticated electronic userid 350 between the (period) and the "@" (at symbol)) 
in step 728. If a match is confirmed, then the authenticated message server 116 continues 
to step 732, where the inbound message is accepted and passed on to the message server 
108. From here, the process terminates, since the local user "roger" can retrieve the 

3 0 message from the message server 108. 

However, if a matoh is not verified in step 728, or if the local user does not exist 
(step 712), then the message is rejected at step 736. According to one embodiment, the 
remote sender is notified of the rejection and the process ends. However, if tracking is 
desired, then information about the inbound message (i.e., remote userid, remote host, 
35 date, time, etc.) is recorded in a feiiure log file for examination by a system administrator 
at a later time. 



PCT/US99/n285 



FIG. 8 depicts an alternative method for processing an intound electronic message 
comprising an adapted digital signature 652. 

In act 804, an inbound electronic message is lecdved over the internet 204 at the 
mail exchanger 208. According to one embodiment, the inbound electronic message 
5 comprises message header information, such as an SMTP "MAIL From" address and an 
SMTP "RCPT To" address. In act 808, authentiMted message server 212 parses the "to:" 
field ("receiver" information) from the address information (e.g., the "RCPT To" 
information in the SMTP message) to identify a local userid and, possibly, an adapted 
digital signature. The "from:" field ("remote user" or "sender" information) can also be 

10 parsed in act 808. Next, in act 812, a test is performed on the receiver information to 
determine whether an associated local userid is protected by the authenticated message 
server 2 12. If the associated local userid is not protected, then in act 816, the message is 
accepted and passed on to the mail host 216. If the associated userid is protected, then 
processing continues to act 820. 

15 In act 820, the authenticated message server 212 tests the receiver information 

parsed in act 808 to determine whether the receiver information comprises an adapted 
digital signature 652. If the receiver information does not include an adapted digital 
signature 652, then in act 824 the message is conditionally accepted but marked as 
unsigned. In one embodiment, if a local user or the administrator has configured the 

2 0 authenticated message server 212 to reject all unsigned messages, then a receipt log record 
can be made recording the message header information and the message can then be 
purged. However, in another embodiment, the administrator, or the local user, may 
specify that unsigned messages must be queued to a partictdar location for later manual 
review. If the receiver information does include an adapted digital signature 652 then 

2 5 processing continues to act 828. 

In act 828, a key lookup is performed. According to one embodiment, a key 
lookup includes matching a local userid (e.g., from the local userid list 604) with the local 
userid in the authenticated electronic userid (that is, the portion of the userid before the 
"+") and then retrieving the corresponding originator key fi'om the originator key list 612. 

30 In act 832, the remote user information 616, together witii the retrieved originator key 
(e.g., originator key 610) and the local userid 608 are used to calculate a hash value 624 
with the hash function 620. 

It is important to note that if mode uiformation is contained with the inbound 
adapted digital signature, then the particular remote user information used by the hash 

35 ftmction 620 can vary. Thus, accordiE^ to one embodiment, the first digit of the number 
660 will determine which remote user information to include as an input to the hash 
function 620. 
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In act 836, the adaptation algorithm 626 adapts the hash value 624 to form an 
ad^ted digital signature 652 (e.g., the word 656 and number 660). In act 840, the newly 
created adapted digital signature is (ximpared with the adapted digital signature in the 
inbound e-mail message receiver information. If the two adapted digital signatures match, 
5 then processing continues to act 848. However, if the two adapted digital signatures do 
not match, then the inbound e-mail message is rejected by the authenticated message 
server 212. 

In act 848, the inbound e-mail message is accepted by the authenticated message 
server 212 and marked as signed. Once the inbound e-mail message is marked as signed, 

10 it can be passed to the mail host 2 1 6 for access by the user e-mail client 220. 

According to one embodiment, the word list 636 is not configurable after set up of 
the authenticated message server 212, Rather, the word list 636 is must be modified prior 
to initialization of the authenticated message server 212. However, if a post set up 
modifiable word list is desired, then a substitution list can be maintauied. According to 

15 one embodiment, the substitution list is a two field, multi-row table configured to hold a 
first word and a second word in each row. A removed word field (column) holds the word 
that was removed from the word list 636 and a new word field (column) holds the new 
word substituted for the replaced word. 

Thus, when an inbound e-mail message is received at the authenticated message 

20 server 212 the authentication process can further involve testing the substitution list to 
deteimine whether the word 656 in the adapted digital signature 652 is a word in the 
removed word field of the substitution list If the word 656 is in the removed word field of 
the substitution list, then when the adaptation algorithm is performed the word selected by 
the adapted digital signature selector 632 from the word list 636 is matched with a word in 

25 the new word field in the substitution list. The word selected by the adapted digital 
signature selector 632 from the word list 636 is then replaced with the word in the 
replaced word field of the substitution list. 

According to one embodiment of the invention, the electronic message body is not 
accepted via the SMTP process unless the authenticated message server 212 verifies the 

30 adapted digital signature. Such an embodiment saves bandwidth. However, according to 
an alternative embodiment, the authenticated message server 212 verifies the adapted 
digital signature after the message body is (conditionally) accepted. 

In still another embodiment, the functionality of the mail exchanger 208 can be 
incorporated into the authenticated message server 212. 

35 According to one embodiment, the steps for generating and verifyii^ an 

authenticated electronic userid are performed by a computer program fiinctiomng as a 
stand-alone server, or in an add-on software component in a message server. In one 
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embodiment, the instructions for peifbrming the methods and techniques described herein 
(the computer program) are stored on a computer readable medium, such as an 
electromagnetic storage device (e.g., a floppy disk, a magnetic tape, a hard-disk drive, or 
other persistent memory device), or an optical data storage medium (e.g., a CD-ROM). 
5 Generally, prior to execution of the sequences of instructions, the sequence of 
instructions are copied from a non-volatile computer readable medium (e.g., the hard-disk 
drive) to a volatile source (e.g., random access memory) and are executed from the volatile 
computer readable medium. For purposes of explanation, the methods and techniques 
described herein were described with reference to an authenticated message server. Where 

10 the actual functionality is performed, that is on which piece of hardware, is not important 
for purposes of this dracription. For example, server 108 can be configured to perform the 
fiinctionality of both a message server and an authenticated message server. 

The present inventions are particularly useftil as a spam (or junk e-mail) filtet. 
Advantages of the present invention include that it integrates into existing electronic 

15 messaging infrastructure (e.g., SKflP and P0P3 systems) without requiring additional 
hardware or software by both the sender and receiver. Hiere is no need to share 
proprietary encryption/decryption algorithms or keys between a message sender and 
recipient as in traditional symmetric or asymmetric encryption algorithms. Further, it 
greatly reduces the chance of spoofing by a spammer by verifying the recipient 

2 0 infonnation without requiring a handshake or real-time connection between a sender and a 
recipient Finally, the present invention does not rely on complicated linguistic or content- 
based rules for filtering spam. Rather, the invention can be realized without reference to 
the content of the inbound message bcKly. 

In the foregoing specification, the inventions have been described with reference to 

25 specific embodiments thereof It will be evident, however, that various modifications and 
changes can be made thereto without departing from the broader spirit and scope of the 
invention. For example, larger or smaller originator keys (e.g., 48 or 128 bit originator 
keys) can be used. Further, the adapted digital signature can be truncated in order to not 
exceed the boundaries of the address field in an electronic message. Further still the 

30 authenticated message server functionality can be incoiporated into the messs^e server 
(e.g. server 108) rather than in a stand-alone device. In still another embodiment, part of 
the authenticated message server functionality (e.g., generating an authenticated electronic 
userid) can be performed in a client application running on the local iter's computer, 
rather than passing the function on to the message server or authenticated message server. 

35 In yet another embodiment, the authenticated electronic userid is created by a smartcard 
coupled to the local user's computer, or a smartcard connected to a user's wireless 



wo 00/10288 



PCT/US99/17285 



16 



telephone. The specification and drawings are, accordingly, to be regarded in an 
illustrative, rather than a restrictive sense. 
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Claims 

What IS claimed is: 

1 . A method for verifying an authenticated electronic userid comprising: 
receiving an electronic message &om a remote user; 

5 extracting an originator identifier and a first adapted digital signature from 

said electronic message; 

retrieving an originator key based on said originator identifier, said 
originator icey not being shared wth said remote user; 

generating a second adapted digital signature, said second adapted digital 
1 0 signature based on at least said local userid and md origuiator key; 

comparing said first adapted digital signature to said second adapted digital 

signature; 

acceptmg said electronic message fiom said remote user if said first 
adapted digital signature and said second adapted digital signature match; and 
15 rejecting said electronic message fi-om said remote user if said first adapted 

digital signature and said second adapted digital signature do not match. 

2. The method of claim 1 , wherein said act of generating said second adapted 
digital signature comprises: 

hasihing said originator key and a local userid 'wrilth one or more other 
20 identifiers to form a digital signature; and 

converting said digital signature from a first digital format into a second 
digital format, said digital signature in said second digital format being said second 
adapted digital signature. 

3. The method of claim 1, wherran said act of generating said second adapted 
25 digital signature comprises: 

performing an encryption function using said origmator key and a local 
userid with one or more other identifiers to form a digital signature; and 

converting said digital signature ftom a first digital format uito a second 
digital format, said digital signature in said second distal format being said second 
30 adeqjted digital signature. 

4. The method of claim 1, wherein said second adapted digital signature is 
fiuther based on at least a portion of remote user information. 
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5. The method of claim 1, further comprising: 

comparing said originator ideirtifier to a list of local users; and 
rejecUng said electronic message is if said originator identifier is not found 
in said list of local users. 

5 6. A method for creating an authenticated electronic userid comprising: 

receiving a request for said authenticated electronic userid; 
retrieving an originator key, said originator key corresponding to a local 

userid; 

generating an adapted digital signature, said adapted digital signature based 
10 on said originator key, said local userid, and one or more other identifiers; 

concatenatuig said adapted digital signature with at least an originator 

identifier; and 

returning a result of said act of concatenating as said authenticated 
electronic userid. 

15 7. The method of claim 6, wherein said act of generating said adapted digital 

signature comprises: 

hashing said originator key, said local userid, and one or more other 
identifiers to form a digital signature; and 

converting said digital signature firom a first digital format into a second 
20 digital format, said digital signature in said second digital fbimat being said adapted 
digital signature. 

8. The method of claim 6, wherein said act of generating said second adapted 
digital signature comprises: 

performing an encryption function using said originator key, said local 
25 userid, and one or more other identifiers to form a digital signature; and 

converting said digital signature fi-om a first digital format into a second 
digital foimat, said digital signature in said second digital format being said second 
adapted digital signature. 

9. The method of claim 6, wherein ^d second adapted digital signature is 
3 0 further based on at least a portion of remote user infoimalion. 

10. An electronic message system comprising: 

a computer configured to run an electronic messe^e server application; 
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a router coupled to said computer, said router configured to forward a first 
electronic message from a local user, said first electronic message comprising a first 
authenticated electronic userid» and said router further configured to receive a second 
electronic message from a remote user, said second electronic message comprising a 
5 second authenticated electronic userid; and 

a computer program stored in a memory device coupled to said computer, 
said computer program configured to cause said computer to generate said first 
authenticated electronic userid for said first electronic message, said first electronic userid 
having an adapted digital signature and an originator identifier, and said computer 
10 program further configured to cause said computer to reject said second electronic 
message if said computer cannot re-generate said adapted digital signature from envelope 
information associated with smd second electronic message and match said re-generated 
adapted digital signature with a portion of said second authenticated electronic userid. 

11. Hie electronic message sysstem of claim 10, wherein said computer 
1 5 program is further configured to generate said adapted digital signature by: 

hashing an originator key, a local userid, and one or more other identifiers 

to form a digital signature; and 

converting said digital signature from a first digital format into a second 
digital format, said digital signature in said second digital format being s^d adapted 
20 digital signature. 

12. The electronic message system of claim 10, wherein said computer 
program is fiirther configured to: 

extract an originator identifier from said envelope information associated 
with said second electronic message; 

2 5 compare said originator identifier to a list of local users; and 

reject said second electronic message if said originator identifier does not 
match a local userid in said list of local users. 

13. An authenticated message server configured to create and verify an 
authenticated electronic userid, 

3 0 wherein creating said authenticated electronic userid comprises: 

receiving a request for said authenticated electronic userid; 

retrievir^ an originator key, said originator key corresponding to a local 

userid; 
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generating a &st adapted digital signature, said jSrst ad^ted digital 
signature based on said originator key, said local userid, and one or more other identifiers; 

concatenating said first adapted digital signature with at les^ an originator 

identifier; and 

5 returning a result of said step of concatenating as said authenticated 

electronic userid; and 

wherein verifying said authenticated electronic userid comprise: 
receiving an electronic message from a remote user, said electrraiic 
message comprising ssad authenticated eleclronic userid; 
1 0 extracting said originator identifier and furst adapted digital signature from 

said authenticated electronic userid; 

retrieving said originator key based on said originator identifier 
generating a second ad^ted digital signature, said second adapted digital 
signature based on at least said local userid and said originator key; 
1 5 comparing said first adapted digital signature to said second adapted digital 

signature; 

accepting said electronic message from said second remote user if s£ud first 
adapted digital signature and said second adapted digital signature match; and 

rejecting said electronic message from said remote user if said first adapted 
2 0 digital signature and said second adapted digital signature do not match. 

14. The authenticated message server of claim 13, wherem said acts of 
generating said first adapted digital signature and said second adapted digital signature 
comprise: 

hashing said originator key, said local userid, and one or more other 
2 5 identifiers to form a digital signature; and 

converting said digital signature from a first digital format into a second 
digital format, said digital signature in said second digital format being said adapted 

digital signature. 

15. The authenticated message server of claim 13, wherein said act of 
30 generating said first adapted digital signature and said second adapted digital signature 

comprises: 

performing an encryption function using said originator key, said local 
userid, and one or more other identifiers to form a digital signature; and 
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converting said digital signature from a first digital format into a second 
digital format, said digital signature in said second digital format being said second 
ad^ted digital signature. 

16. The authenticated meraage server of clakti 14, wherein sdd one or more 
5 other identifiers include remote xiser information. 

17. The authenticated message server of claim 15, wherein said one or more 
other identifiers include remote user information. 



1 8. The authenticated mesi^ge server of claim 13, wherein said act of verifying 
said authenticated electronic userid further comprises: 
10 extracting said originator identifier from said envelope information 

associated with said electronic message; 

comparing said ori^uiator identifier to a list of local users; and 
rejecting said electronic message if said originator identifier does not match 
a particular local userid in said list of local users. 

15 19. A method for filtering junk electronic mail, comprising; 

receiving an electronic message from a remote user; 

generating an adapted digital signature based on an originator identifier and 
remote user information from said electronic m^sage and an originator key, said act of 
generating comprising: 

2 0 hashmg a local userid associated with said originator identifier, said remote 

user information and said originator key to form a digital signature; 

transforming said digital signature from a first digital format to a second 

digital format; and 

returning said digital signature in said second digital format as said adapted 
25 digital signature; 

comparing said adapted digital signature to a portion of said electronic 

message; 

accepting said electronic message if said adapted digital signature and said 
portion of said electronic message match; and 
30 rejecting said electronic message if said adapted digital signature and said 

porUon of said electronic message do not match. 
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20. The method of claim 19, wherein ssud electronic message is a reply to a 
first electronic message sent from a local userid, said first electronic message comprising 
said originator identifier, and vdiereia said portion of said electronic message compared to 
said adapted digital signature being generated by acts associated with said local userid. 

5 21 . The method of claim 20, wherein said acts associated with said local userid 

comprise: 

hashing s^d local userid, said remote user informalion and said originator 
key to fonn a first digital signature; 

transforming said first digital signature from said first digital format to said 
1 0 second digital format; and 

returning said first digital signature In said second digital format as said 
portion of said electronic message. 

22. A computer readable medium havii^ stored therein one or more sequences 
of instructions for verifying an authenticated electronic userid, said one or more sequences 
15 of instructions causing one or more processors to perform a plurality of acts, the acts 
comprising: 

receiving an electronic message fi'om a remote user; 
extracting an originator identifier and a first adapted digital signature firom 
said electronic message; 

20 retrieving an originator key based on said originator identifier, said 

originator key not being shared with said remote vc^, 

generating a second adapted digital signature, said second adapted digital 
signature based on at least said local userid and said originator key; 

comparing said first adapted digital signature to said second adapted digital 

25 signature; 

accepting said electronic message from said remote user if said first 
adapted digital signature and said second adapted digital signature match; and 

rejectii^ said electronic message from said remote user tf said first adapted 
digital signature and ^d second adapted digital signature do not match. 

30 23 . The computer re^able medium of claim 22, wherein said act of generating 

said second adapted digital signature comprises: 

hashing said originator key and a local userid with one or more other 
identifiers to form a digital signature; and 
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converting said digital signature from a first digital foimat into a second 
digital fonnat, said digital signature in said second digital format being said second 
adapted digital signature. 

24. The computer readable medium of claim 22, wherein said act of generating 
5 said second adapted digital signature comprises: 

performing an encryption function using said originator key and a local 
userid with one or more other identifiers to form a digital signature; and 

converting said digital signature from a first digital format into a second 
digital format, said digital signature in said second digital format beii^ said second 
10 adapted digital signature. 

25. The computer readable medium of claim 22, wherein said second adapted 
digital signature is further based on at least a portion of remote xiser informatioiL 

26. The computer readable medium of claim 22, fiulher comprising: 
comparing said originator identifier to a list of local users; and 

1 5 rejecting said electronic message is if said originator identifier is not found 

in said list of local users. 

27. A computer readable medium having stored therein one or more sequences 
of instructions for creating an authenticated electronic userid, said one or more sequences 
of instructions causing one or more processors to perform a plurality of acts, the acts 

20 comprising: 

receiving a request for said authenticated electronic userid; 

retrieving an originator key, said originator key corresponding to a local 

userid; 

generating an adapted digital signature, said adapted dighal signature based 
25 on said originator key, said local userid, and one or more other identifiers; 

concatenating sdd adapted digital signature with at least an origmator 

identifier; and 

returning a result of said act of concatenating as said authenticated 
electronic userid. 

30 28 . The computer readable medium of claim 27, wherein said act of generating 

said adapted digital signature comprise: 
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hashing said originator key, said local userid, and one or more other 
identifiers to form a digital signature; and 

converting said digital signature from a firat digital format into a second 
, digital format, said digital signature in said second digital format being said adapted 
5 digital signature. 

29. The computer readable medium of claim 27, wherein said act of generating 
said second adapted digital signature comprises: 

performing an encryption function using said originator key, said local 
userid, and one or more other identifiers to form a digital signature; and 
10 converting said digital signature from a fcst digital format into a second 

digital format, said digital signature in said second digital format being said second 
adapted digital signature. 

30. The computer readable medium of claim 27, wherein said second adapted 
digital signature is further based on at least a portion of remote user information. 

15 31. A computer readable medium having stored therein one or more sequences 

of instructions for filtering junk electronic mail, said one or more sequences of instructions 
causing one or more processors to perform a plurality of acts, the acts comprising: 
receiving an electronic message from a remote user; 
generating an adapted digital signature based on an originator identifier and 
20 remote user information from said electronic message and an originator key, said act of 
generating comprising: 

hashing a local userid associated with said originator identifier, said remote 
user information and said originator key to form a digital signature; 

transforming said digital signature from a first digital format to a second 
2 5 digital format; and 

returning said digital signature in said second digital format as said adapted 
digital signature; 

comparing ^id adapted digital signature to a portion of said electronic 

message; 

30 accepting said electronic message if said adapted digital signature and said 

portion of said electronic message match; and 

rejecting said electronic message if said adapted digital signatoe and said 
portion of said electronic message do not match. 
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32. The computer readable medium of claim 31, wherein said electronic 
message is a reply to a first electronic message sent fiom a local userid, said first 
electronic message comprising said originator identifier, and wherein said portion of said 
electronic mess^e compared to said adapted digital signature being generated by acts 

5 associated with said local userid. 

33. The computer readable medium of claim 32, wherein said acts associated 
with said local userid comprise: 

hashing said local userid, said remote user information and said originator 
key to form a first digital signature; 
1 0 transforming said first digital signature firom said first digital format to said 

second digital format; and 

returning said first digital signature in said second digital format as said 
portion of said electronic message. 

34. A method for creating an adapted digital signature comprising: 

15 retrievui^ an originator key, said originator key corresponding to a local 

userid; 

running a digital signature engine to create a digital signature, said digital 
signature based on at least said originator key and remote user information; 

retrieving a word fiom a word list, said word corresponding to at least a 
2 0 portion of said digital signature; and 

returning at least said word as said adapted digital signature. 

35. The method of claim 34, further comprising performing a boolean function 
on said digital signature to create a modified digital signature, and wherein said word is 
retrieved based upon said modified digital signature. 

25 36. The method of claim 34, further comprising 

generating a number, and 

^pending said number to said word to form said adapted digital signature. 

37. The method of claim 34, fiirther comprising concatenatii^ said adapted 
digital signature with said local userid and a domain name. 

30 38. The method of clabn 34, wherein runnmg said digital signature engine 

include 
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performing a one-way hash fiuiction, said one-way hash fiinction using at 
least said originator key and said remote user infoonation, said one-way hash fimction 
generating a hash value, and said hash value being said digital signature. 

39. A method for verifying an adapted digital signature comprising: 

5 retrieving an originator key based on a first portion of address information; 

generating an adapted digital signature, said act of generating comprising: 
creating a digital signature based on at least said originator key and a 
second portion of said address information; 

retrieving a vvord &om a word Ust, said word conesponding to said digital 

10 signature; 

returning at lea^t seud word as said adapted digital signature; 

comparing third portion of said address information to said adapted digital 

signature; and 

accepting ^d electronic message if said third portion of s^d address 
1 5 information and said ad^ted digital signature match. 

40. The method of claim 39, further comprising: 

testing said first portion of said address information to determine whether a 
local user identified by said receiver information employs authenticated message server 
services; and 

20 acceptuig said electronic message if said local user does not employ said 

authenticated message server services. 

41. The method of claim 39, wherein said second portion of said address 
information includes a sender domain name and said first portion of said address 
infomiation includes a local userid. 



25 42. The method of claim 39, whea^in generating said adapted digital signature 

further comprises: 

creating a modified digital signature from said digital signature, said 
modified digital signature created with a boolean function, and wherein said word is 
retrieved jfrom said word list based upon said modified digital signature; 
3 0 generating a number; and 

^pending said number to said word. 
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43. The method of claim 39, wherein creating said digital signature includes 
executing a one-way hash fimction, said one-way hash fiinction using at least said 
originator key and said second portion of said address, information, said one-way hash 
fiinction generating a hash value, and said hash value being said digital signature. 

44. A electronic message system comprising: 
an authenticated message server, said authenticated message server 

configured to remove an inbound electronic message if an authenticated electronic userid 
cannot be verified, said inbound electronic message including address information; 

and a mail host coupled to said authenticated message server; wherein 
said authenticated message server is configured to remove said inbound 
electronic mess^e by performing the acts of: 

generating an ad^ted digital signature, said act of generating comprising: 
creating a digital signature based on at least an originator key and a first 
portion of said address information; 

retricfving a word from a word list, said word corresponding to said digital 

signature; and 

retummg said word as said ad^ted digital signature; 
comparir^ a second portion of address information to said adapted digital 

signature; and 

rejecting said inbound electronic message if said second portion of said 
address information and said adapted digital signature do not match. 

45. The electronic message system of claim 44, further comprising a mail 
exchanger coupled to said authenticated message server and configured to receive said 
inbound electronic message. 

25 46. The electronic message system of claim 44, wherein said authenticated 

message server is configured to perform the act of parsing sender information and receiver 
information fix>m said address information, said receiver information including a local 
userid and a second adapted digital signature. 

47. The electronic message system of claim 44, wherein creating said digital 
30 signature includes executing a one-way hash function, said one-way hash fiinction using at 
least said originator key and a portion of said address information, said one-way hash 
function generating a hash value, and said hash value being said digital signature. 
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48. The electronic message system of claim 44, wherein said act of generating 
said adapted digital signature further comprises performing a boolean fimction on said 
digital signafijie to create a modified digital signature, and wherein said word is retrieved 
based on said modified digital signature. 

5 49. The electronic message system of claim 44, wherein said authenticated 

message server is further configured to perform the acts of: 
generating a number; and 

appending said number to said word to form said adapted digital signature. 
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AME^^DED CLAIMS 
[received by the International Bureau on 9 November 1 999 (09. 1 1 .99); 
ordinal claims 1-49 replaced by new claims 1-36 (1 1 pages)] 

1 1. A method for verifying an authenticated electronic userid (644) comprising: 

2 r^etving an electronic message fiom a remote user, 

3 extracting an originator identifier (608) and a fust adapted digital signature (652) 

4 fiom said electronic message 

5 retrieving an originator key (610) based on said originator identifier (616), said 

6 originator key (610) not being shared with said remote user; 

7 generating a second adapted digital signamre (652), said second adapted digital 

8 signature (652) based on a local usoid (608), said originator key (6 1 0), and 

9 one or more other identifiers, and wherdn said local userid (608) corresponds 

1 0 to said originator identifier (608); 

1 1 comparing said first adapted digital signature (652) to said second adapted digital 

12 signature (652); 

13 accepting said electronic message Stom said remote user if said fust ad^ited distal 

14 signature (652) and said second adapted digital signature (652) match; and 

15 rejecting said electronic messa^ torn said inmjte user if said first adapted di 

16 signature (652) and said second ^lapted digital signamre (652) do not mateh. 

1 2. The method of claim 1 , further comprising: 

2 comparing said originator identifier (608) to a list of local users (604); and 

3 rejecting said electronic message is if said originator ickntifier (608) does not match 

4 at least one local userid in said list of local users (604). 

1 3. The method of claun 1 , wherein said electronic message is addressed to said 

2 audienticated electronic userid (644). 

1 4. A method for creatmg an authenticated electronic userid (644) comprising: 

2 receiving a request for said authenticated electronic us«id (644); 

3 retrieving an originator key (6 1 0), said originator key (6 1 0) corresponding to a local 

4 userid (608); 
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5 generating an adapted digital signature (652), said ads^tted digital signature (652) 

6 based on said originator key (610), said local userid (608), and one or more 

7 other identifiers; 

8 concatenating said adapted digital signature (652) with at least an originator identifier 

9 (608) corresponding to said local userid (608); and 

10 returning a result of said act of concatenating as said authenticated electronic userid 

11 (644). 

1 5 . The method of claim 4, wherein said act of concatenating comprises concatenating 

2 said adapted digital signature (652) with said originator identifier (608) and a domain name 

3 (664). 

1 6. The method of claim I or 4, wherein said act of generating said first or said second 

2 adapted digital signature (652) comprises: 

3 performing a one-way hash fimction, using said originator key (610), a local userid 

4 (608), and remote user information {6l6) as inputs, to form a digital signature 

5 (624); and 

6 converting said digital signature (624) from a first digital format into a second distal 

7 format, said digital signature in said second digital format being said second 

8 adapted digital signature (652). 

1 7. The method of claim 1 or 4, wherein said act of generating said first or said second 

2 adapted digital.signature (652) comprises: 

3 performing an encryption function using said origmatpr key (610), said local userid 

4 (608), and remote user information (616) to form a digital signature (624); and 

5 converting said digital signature (624) from a first digital format into a second digital 

6 format, said digital signature in said second digital format being said second 

7 ad^ted digital signature (652). 

1 8. The method of claim I or 4, wherein said step of generating said first or said second 



2 adapted digital signature (652) con^rises: 
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3 creating a digital signature (524), said digital signature (624) based on at least said 

4 originator key (610), said local uscrid (608), and remote user information 

5 (616); 

6 retrieving a word (656) from a word list (636), said word (656) corresponding to at 

7 least a portion of said digital signature (624)'; and 

8 returning at least said word (656) as said first or said second adapted digital signature 

9 (652). 

1 9. The method of claim 8 , further comprising performing a boolean operation (628) on 

2 said digital signature (624) to create a modified digital signature, and wherein said word 

3 (656) is retrieved based upon said modified digital signafiire. 

1 10. The method of claim 8, further comprising 

2 generating a number (660); and 

3 appending said number (660) to said word (656) to form said firet or said second 

4 stapled digital signature (652). 

1 11. A method for fihering electronic mail, comprising: 

2 receiving an electronic message from a remote user, said electronic message 

3 addressed to an authenticated electronic userid (644); 

4 generating an adapted digital signature (652) based on information from said 

5 electronic message, said act of generating comprising: 

6 performing a one-way hash fimction that uses a local userid (608), remote user 

7 information (616), and an originator key (610) to form a digital 

8 signature (624), and wherem said local itserid (608) corresponds to an 

9 originator identifrer (608) from said electronic message; 

10 transforming said digital signature (624) from a first digital format to a second 

11 digital format; and 

12 returning said digital signature in said second digital format as.said adapted 

13 digital signature (652); 

1 4 comparing said adapted digital signature (652) to a portion of said electronic message; 

15 accepting said electronic message if said adapted digital signature (652) and said 

16 portion of said electronic message match; and 
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rejecting said electronic message if said adapted digital signature (652) and said 
portion of said electronic message do not match. 



1 12. The method of claim 1 1, wherein said electronic message is a reply to a first 

2 electronic message sent from a local user, said first electronic message comprising said 

3 originator identifier (608) and said adapted digital signature (652), and wherein said portion 

4 of said electronic message compared to said adapted digital signature (652) is generated fay 

5 acts associated with said local user. 

1 13 . The method of claim 1 1, wherein said step of transforming said digital signature (624) 

2 &om said first digital format to said second digital format comprises: 

3 retrieving a word (656) from a word list (636), said word (656) corresponding to at 

4 least a portion of said digital signature (624) in said first digital format; and 

5 returning at least said word (656) as said digital signature (624) in said second digital 

6 format 

1 14. The method of claim 1 3 , flirther comprising performing a boolean operation (628) on 

2 said digital signature (624) to create a modified digital signature, and wherein said word 

3 (656) is retrieved based upon said modified digital signature. 

1 15. The method of ciaim 13, further comprising 

2 generating a number (660); and 

3 appending said nunotber (660) to said word (656) to form said first or said second 

4 adapted digital signature (652). 

1 16. A method for verifying an adapted digital signature in an electronic message 

2 comprising: 

3 receiving an electronic message fi-om a remote sender; 

4 retrieving an originator key (6 1 0) based on a first portion of said electronic message, 

5 said first portion of said electronic message comprising receiver addrras 

6 information; 

7 generating an adapted digital signature (652), said act of generating comprising: 
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8 creating a digital signature (624) based on at least said originator key (610) 

9 and a second portion of said electronic message, said second portion of 

10 said electronic m^age comprising remote sender address infomiation 

11 (616); 

12 retrieving a word (656) from a word list (636), said word (656) corresponding 

13 to said digital signature (624); 

14 returning at least said word (656) as said adapted digital signature (652); 

1 5 comparing a third portion of said electronic message to said adapted digital signature 

1 6 (652), said third portion of said electronic message also comprising recciwr 

17 addreK information; and 

1 8 accepting said electronic mrasage if said third portion of said electronic message and 

1 9 said adapted digital signature (652) match. 

1 17. The method of claim 1 6, further comprising: 

2 testing to determine whether a local user (608) corresponding to said first portion of 

3 said electronic message employs authenticated message server services; and 

4 accepting said electronic message ifsaid local user (608) does not employ said 

5 authenticated message server services. 

1 18. The method of claim 16, wherein said remote sender address information (6 1 6) 

2 includes a sender domain name and said receiver address infomiation includes a local userid 

3 (608). 

1 19. The method of claim 16, wherein said step of generating said adapted digital signature 

2 (652) comprises: 

3 creating a modified digital signature from said digital signature (624), said modified 

4 digital signature created with a boolean function (628), and wherein said word 

5 (656) is retrieved from said word list (636) based upon said modified digital 

6 ' signature; 

7 g^erathig a number (660); and 

8 ^paiding said number (660) to said word (656). 
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1 20. The method of cldm 16, wherein creating said digital signature (624) inchides 

2 executing a one-way hash function {620), said one-way hash function (620) using at least said 

3 originator key (610), remote sender address information (616), and receiver address 

4 information, said one-way hash fimction (620) generating a hash value, said hash value bemg 

5 said digital signature (624). 



1 21. A computer-readable medium havmg stored therein one or more sequences of 

2 instructions configured to cause one or more processors to perform the steps described in any 

3 of the above method claims. 

1 22. An electronic message system (100) conq)risuig: 

2 a computer ( 1 08) configured to run an electronic message server applicatiaii; 

3 a router (1 12) coupled to said computer (108), said router (112) configured to forward 

4 a first electronic message fi-om a local user (104), said first electronic message 

5 comprising a first authenticated electronic userid (644), and said router (112) 

6 further configured to receive a second electronic message fi'om a remote usear 

7 (132), said second electronic message comprising a second authenticated 
S electronic userid (644); and 

9 a computer program stored in a memory device coupled to said electronic message 

10 system (1 00), said computer program configured to cause said electronic 

1 1 message system (100) to generate said first authenticated electronic userid 

12 (644) for said first electronic message, said first authenticated electronic userid 

13 (644) having an adapted digital signature (652) and an originator identifier 

14 (608), and said computer program further configured to cause said electronic 

15 message sj^tem (100) to filter said second electronic message if said 

16 electronic message system (1(K)) cannot re-generatc said adapted digital 

17 signature (6 

1 52), based in part on envelope information associated with said second electronic 

2 message, and match said re-generated adapted digital signature (652) with a 

3 portion of said second authenticated electronic userid (644). 

1 23. The electronic message system (1(H)) of claim 22, wherein said computer program is 



2 fiirther configured to generate said ad^ted digital signature (652) by: 
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3 creating a digital signature (624), said digital signature (624) based on said originator 

4 key (61 0), said local userid (608), and remote user infoimation (616); 

5 retrieving a word (656) from a word list (636), said word (656) corresponding to at 

6 least a portion of said digital signature (624); and 

7 returning at least said word (656) as said first or said second adapted digital signature 

8 (652). 

1 24. The electronic message system (100) of claim 22, wherein said computer program is 

2 further configured to: 

3 extract an originator identifier (608) from said envelope information associated with 

4 said second electronic message; 

5 compare said originator identifier (608) to a list of local userids (604); and 

6 reject said second electronic message if said originator identifier (608) does not match 

7 at least one local userid m said list of local userids (604). 

1 25. An authenticated message server (1 16) configured to create and verify an 

2 authenticated electronic userid (644), 

3 wherein creating said authenticated electronic userid (644) comprises: 

4 receiving a request for said authenticated electronic userid (644); 

5 retrieving an originator key (610), said originator key (610) corresponding to a 

6 local userid (608); 

7 generating a first adapted digital signature (652), said first adapted digital 

8 signature (652) based on said originator key (610), said local userid 

9 (608), and one or more other identifier; 

10 concatenating said first adapted digital signature (652) with at least an 

1 1 originator identifier (608); and 

12 returning a result of said step of concatenating as said authenticated electronic 

13 userid (644); and 

14 wherein verifying said autiienticated electronic userid (644) comprises: 

15 receiving an electronic message ftom a remote user (132), said electronic 

16 message comprising said authenticated electronic userid (644); 

17 extracting said originator identifier (608) and first adapted digital signature 

18 (652) from said authenticated electronic userid (644); 
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19 retrieving said originator key (610) based on said originator identifier (608); 

20 generating a second adapted digital signature (652), said second adapted 

21 digital signanare (652) based on said originator key (610), said 

22 originator identifier (608), and one or more other identifiers; 

23 comparing said first adapted digital signature (652) to said second adapted 

24 digital signature (652); 

25 accq)ting said electronic message iErom said remote user (132) if said first 

26 adapted digital signature (652) and said second adapted digital 

27 signature (652) match; and 

28 rcgecting said electronic message from said remote user (132) if said first 

29 adapted digital signature (652) and said second adapted digital 

30 signature (652) do not match. 

1 26. The authenticated message server ( 1 1 6) of claim 25, wherein said acts of generating 

2 said first adapted digital signature (652) and said second adapted digital signature (652) 

3 comprises: 

4 performing an encryption function using said originator key (610), said local userid 

5 (608), and remote user information (616) to form a digital signature (624); and 

6 converting said digital signature (624) fiom a first digital fbnnat into a second digital 

7 format, said digital signature in said second digital format bemg said second 

8 adapted digital signature (652). 

1 27. The authenticated message server (1 16) of claim 25, wharein said act of generating 

2 said first adapted digital signature (652) and said second adapted digital signature (652) 

3 comprises! 

4 performing a one~way hash fimction, using said originator key (6 1 0) and said local 

5 userid (608), and remote user information (61 6) as inputs, to form a digital 

6 signature (624); and 

7 convoting said digital signature (624) Qxm a first digital format into a second digital 

8 format, said digital signature in said second digital format being said second 

9 adf^ted digital signature (652). 
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1 28. The authenticated message server (1 16) of claim 25, wherein said act of gKierating 

2 said adapts digital signature (652) further comprises the steps of: 

3 creating a digital signature (624), said digital signature (624) based on at least said 

4 originator key (610), said local userid (608), and remote user information 

5 (616); 

6 retrieving a word (656) firom a word list (636), said word (656) correspondang to at 

7 least a portion ofsaid digital signahire (624); and 

8 returning at least said word (656) as said first or said second adapted digital signature 

9 (652). 

1 29. The authenticated message server ( 1 1 6) of claim 28, further configured to perform the 



2 acts of executing a boolean operation (628) on said digital signature (624) to create a 

3 modified digital signature, and wherein said word (656) is retrieved based upon said modified 

4 digital signature. 

1 30. The authenticated message server (1 1 6) of claim 28, further configured to perform the 

2 acts of: 



3 generating a number (660); and 

4 {^{^nding said number (660) to said word (656) to form said first or said second 

5 adapted digital signature (652). 

1 31. The authenticated message server (116) ofciaim 25, wherein s^d act of verifying said 

2 authenticated electronic userid (644) further comprises: 

3 extracting said originator identifier (608) fiom said envelope information associated 

4 with said electronic message; 

5 comparing said originator identifier (608) to a list of local userids (604); and 

6 rejecting said electronic message if said originator identifier does not tnatch at least 

7 one local userid in said list of local userids. 

1 32. A electronic message system (200) comprising: 

2 an authenticated message server (212), said auflienticated message server (212) 

3 configured to filter an inbound electronic message if an authenticated 
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4 electronic userid (644) cannot be verified, said inbound electronic message 

5 including address information; 

6 and a mail host (212) coupled to said ^thenticated message server (212); wherein 

7 ^d authenticated message server (212) is configured to filter said inbound electronic 

8 message by performing the acts of: 

9 generating an adapted digital signatoe (652), said act of generating 

10 comprising: 

1 1 creating a digital signature (624) based on at least an originator key 

12 (61 0) and a first portion of said address information; 

13 retrieving a word (656) from a word list (636), said word (656) 

14 corresponding to said digital signature (624); and 

15 remming said word (656) as at least a portion of said adapted digital 

16 signature (652); 

17 comparing a second portion of address information to said adapted digital 

18 signature (652); and 

19 rejecting said inbound electronic message if said second portion of said 

20 address information and said ad^ted digital signature (652) do not 

21 match. 

1 33 . The electronic message system (200) of claim 32, wherein said authenticated message 



2 server (212) is configured to perform the act of parsing sender information and receiver 

3 information fiom said address information, said receiver mformation including an originator 

4 identifier (608), a second adapted dgital signature (652), and sdd sender information 

5 including remote user information (616). 

1 34. The electronic message system (200) of claim 32, wherein creating said digital 

2 signature (624) includes executing a one-way hash fimction (620), said one-way hash 

3 fimction (620) using at least said originator key (610) and a portion of said address 

4 information, said one-way hash function (620) generating a hash valiw, and said hash value 

5 being said digital signature (624). 

1 35. The electronic message system (200) ofclaun 32, wherein said act of generating said 

2 ada|>ted digital signatare (652) fiather comprises performing a boolean function (628) on said 
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3 digitai signature (624) to create a modified digital signature, and wherein said word (656) is 

4 retrieved based on said modified digital signature. 

1 36. The electronic message system (200) ofclaim 32, wherein said authenticated messi^ 

2 server (212) is further configured to perform the acts of: 

3 generating a number (660); and 

4 appending said number (660) to said word (656) to form said adapted digital signature 

5 (652). 
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